CMMI Institute

CMMI & CMMC

Committed to Cybersecurity Success and Resilience

 

Our 3-step gap analysis program will simplify and accelerate your CMMC preparation by leveraging your existing CMMI investment and infrastructure.

 
  1. Plan & Prepare for Appraisal

    Analyze requirements, develop appraisal plan, and ensure readiness to conduct the appraisal.

  2. Conduct Appraisal

    Collect and examine objective evidence, characterize practices and validate preliminary results, and generate appraisal results.

  3. Report Results

    Deliver appraisal results and package and archive appraisal assets.

Let the Authority Help You

CMMC is foundationally built, in part, on the CMMI model and methodology. ISACA is actively working with the DoD, the CMMC Accreditation Body (AB) and other stakeholder organizations like the Public Services Council for the success of the CMMC ecosystem.


ISACA-CMMI Institute is deeply committed to improving the cybersecurity capabilities of our clients and partners, including the Defense Industrial Base (DIB). We have been working with the Department of Defense (DoD) as a member of the initial Cybersecurity Maturity Model Certification (CMMC) Stakeholder Committee, and we are grateful and honored to be able to continue to contribute to the establishment and ongoing success of the CMMC ecosystem. Going forward into 2020 and beyond, we will continue to work with the DoD, the CMMC Accreditation Body (AB) and other stakeholder organizations by leveraging our deep experience and capabilities in:

Cybersecurity training and certifications for individuals, organizations and instructors

Cybersecurity training and certifications, performance-based learning for individuals, organizations and instructors

Model-based process assessments, including assessment methods and operations, quality control and assurance

Model-based process and performance assessments, including assessment methods and operations, and quality assurance

Maturity-based organizational accreditation

Maturity- and capability-based organizational accreditation and verification

Cybersecurity and process auditing and improvement

Cybersecurity process and controls auditing and performance improvement

Why CMMC?

The DoD estimates that U.S. companies are losing over $6 billion USD each year in intellectual capital to competitors due to a lack of any cybersecurity or awareness. Cyber attacks are on the increase, and organizations must take action to protect Controlled Unclassified Information (CUI) and improve the related cybersecurity processes and controls that are so important to national defense.

What is DoD’s Goal?

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and cannot be treated as a “tradeoff” option along with cost, schedule, and performance. The DoD is committed to working with the DIB to enhance the protection of CUI and cyber controls and hygiene within the supply chain using the Cybersecurity Maturity Model Certification (CMMC) framework. CMMC assessments will target, review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced/progressive. For a given CMMC level, the associated controls and processes, when implemented, are designed to reduce risk against a specific set of cyber threats.

The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on a "trust yet verify" approach with respect to DoD cybersecurity requirements. The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels. The intent is for certified independent third-party organizations to conduct CMMC assessments on DIB suppliers to improve their cybersecurity capabilities and to inform them of their risks.

Who are the Key Players?

OUSD(A&S) is working with DoD stakeholders, academia, Federally Funded Research and Development Centers (FFRDCs), and industry to develop and then implement the Cybersecurity Maturity Model Certification (CMMC) program. The CMMC Accreditation Body (AB) was established in January 2020, and the Memorandum of Understanding (MOU) between the DoD and CMMC AB to set up and operate the CMMC program was signed in March. The AB has established numerous working groups to get the initial aspects of the ecosystem in place in Q1 and Q2 of 2020.

ISACA’s Subject Matter Experts and Certified CMMI Lead Appraisers, Ron Lear and Kevin Schaaff, have been active members of the CMMC Accreditation Body’s CMMC Assessment Methodology Working Groups since inception. This includes the Assessment Methodology Working Group and the Accelerated Assessment Working Group, which were combined into a single working group in July of 2020. As part of these two critical CMMC AB Working Groups, Mr. Lear and Mr. Schaaff were the primary authors for the current CMMC Assessment Methodology, integrated processes and training content and related materials. Both remain active in the WG activities as the CMMC ecosystem moves into its initial launch phase.
